What Are You Doing About the Viruses, Hackers and Thieves?

IT security is getting tougher, as cybercriminals step up their game and attack on multiple fronts. What are you doing to help your customers stay secure in these times of viruses, hackers and cybercriminals?

Every day the threats grow worse. Spammers, malicious hackers, organized cybercriminals and even foreign governments are working tirelessly to penetrate corporate databases to disrupt service, steal information and profit from it.

Here are some facts to chew on:

Most modern threats are web-borne

2 million new viruses are identified every month

Attackers are targeting printers, thermostats and other “non-computing” devices

600,000 Facebook accounts are hacked each day

Social network data is being used for targeted attacks

Crimes are automated using distributed botnets

Embedding malware in software and videos have resulted in blackmail

This is according to Raffi Jamgotchian, President and CTO of Triada Networks, a solution provider focusing on security solutions in the financial and healthcare markets. So, as a solution provider, what are you doing about it? I can tell you what Triada is doing.

Jamgotchian recently hosted an informative webcast educating some of his current and potential customers about the threats out there, the common mistakes most companies make and what they need to do to protect their companies better.

First, Jamgotchain set the tone by putting the potential damage and security breach can cost an organization. It costs a company $194 for each new customer record that is lost, he said, citing the Ponemon Institute. That translates into $19,400 if you have 100 customers and $194,000 if you have 1,000 customers, he said. But the financial and information loss is just the beginning. There are legal, regulatory, company reputation and even personal safety issues as well.

And despite some well-publicized and high-profile breeches, businesses are still extremely vulnerable and have a false sense of security. According to Jamgotchian:

25 percent aren’t using antivirus software, or, if they are, many are out of date and ineffective;

60 percent don’t protect their wireless networks at the office;

two-thirds don’t have a security plan in place; and

less than 6 percent of data breaches are actually discovered by the company.

Even scarier, 50 percent of businesses that are hacked go out of business within three years, he said.

One area of growing threats is through mobile devices, Jamgotchian said, citing mobile malware in the form if fake banking applications and Flashlight apps on Andriod store. These breeches can allow access to all of your mobile data including contacts, calendar, camera and email and even can intercept and eavesdrop on calls, he said.

Criminals are also using the power of the cloud to hack other sites and crack passwords because users turn off passwords to their dropboxes, he said. However, Jamgotchian stresses that the cloud computing environment is a secure environment if planned correctly. “Hacks are due to poor planning and architecture, not problems with the cloud itself,” he said.

So what should solution providers be doing for their customers to protect them? Jamgotchian suggests a four-pronged approach: catch, patch, match and educate.

Catch: Organizations need to filter both their inbound and outbound email for viruses and spam. Companies need to, “install antivirus and antimalware software on [their] desktops and exposed servers. Make sure that these applications are being centrally monitored so you can see if a threat is widespread or isolated and ensure that they are kept up to date,” he said, adding that companies need advanced firewalls providing multiple layers of security.

Patch: Keep current with operating system and application patch updates. “Keep your operating systems up to date. These patches are meant to fix vulnerabilities that are known,” Jamgotchian said.

Match: TMatch the right people, roles and responsibilities to the proper restrictions. “Restrictions are made so that only authorized individuals that are privileged have access. Most employees do not need administrative access to their computers,” he said.

Educate: It’s one thing for organizations to create good policy but they have to communicate it, follow it and check it, Jamgotchian said.

He went on to explain more effective mobile, wireless and firewall strategies, how costly and ineffective point solutions can be, and the benefits of unified threat management.

Jamgotchian is being proactive in communicating these issues to his customer base, are you?

Discuss this Article 2

Anonymous (not verified)

on Apr 29, 2013

While I agree that the four-pronged approach is OK, its still REACTIVE. The bad guys are always several steps ahead. Its time to think PROACTIVELY in our approach to security. While convenience is always touted for users, where does a majority of the breeches occur? Some type of user induced event, whether bringing in a personal USB or clicking on a phishing email... education should be at the forefront. Then I say that the company needs to take a stand and take back its network; BYOD be damned, its the COMPANY network. Why are employees allowed to click on mischievous links from their FACEBOOK account at work? These are things that should be reconsidered by CIOs and Network Administrators.

I'm a student at Clark College in Vancouver, WA. My major is Computer Support. This article was very illuminating and it gave me quite a bit to think about in terms of my educational needs going forward. Thank you.